clubpenguinfanonfandomcom-20200223-history
Club Penguin Fan Universe:Hacking Defenses
Since there has been talk about hackers and the like lately, thought I'd give you guys some insight on how to secure your accounts; Brute Forcing Brute Forcing is one of the most common ways to get one's password. Brute Force consists of guessing a password (usually via a software) using every word/letter in the dictionary until the correct password is found. Used if hacker suspects target of having a weak password. How to Counter Brute Force Attacks *If you have a simple password (flower, gorilla, happy etc.) then I suggest to change it immediately. The more simpler your password is, the greater chance brute forcing has of finding it. *A very good program to counter brute forcing is Online Password Calculator. You simply click on the things your password may consist of, and it calculates the time it will take for a brute force attack to find your password. Phishing Phishing will work if the target is gullible enough. What phishing consists of is creating a website (usually under free webhosting domains) that disguise themselves as a trustworthy website. If target falls for the website and enters their account name and password, it sends an e-mail to the hacker's email address telling him/her their information. Phishing mainly relies on social engineering and the gullibility of users. How to Counter Phishing *Always look carefully at a URL. Example; www.clubpenguinfanon.wikia.com is this site's name. Phishing sites have stuff like www.ripway.clubpenguinfanon.com etc. *Be sure to Google a site's name if thinking of visiting a site. If the search shows results that look the same, don't go there. Social Engineering Social Engineering is not a hack at all, and requires no software. Social Engineering is mainly using cunning talk and psycology to convince target to give them their personal information, passwords, credit card numbers etc. How to Counter Social Engineering *NEVER give your passwords and personal info to ANYONE. Not even your mom, your dad, your brother, your sister, Towley, Colonel Sanders, Jerry Springer, Oprah, a site administrator, ANYONE. *If you suspect someone is using social engineering techniques on you, tell them nothing. Simple question you need to ask yourselves; why would this person want my personal information? DDOS (Distributed Denial of Service) Attacks DDoS attacks depend on getting the DDoS client to run on a wide range of machines. The usual trick is to package it as a "Trojan horse", an innocent-looking but secretly malicious program that unsuspecting people will run. Once a Trojan is activated, one of the first things it typically does is register its presence somewhere, usually by sending TCP/IP packets to a well-known destination. How to Counter DDOS Attacks *Go to Microsoft's security bulletin website]. Download all the pertinent patches you don't already have installed. *Configure your firewall to block (or, better, ignore) traffic on any port you don't actually need. If you don't know which ports should be open for particular services, see Microsoft Knowledge Base (KB) article *Review the TCP/IP hardening settings described in Security Considerations for Network Attacks Apply them to any server which is exposed directly to the Internet. Unfortunately, protecting your machines against attacks can be difficult because attackers keep changing their modus operandi. It's simpler to prevent your computers from becoming zombies and contributing to the DDoS problem. A few simple steps that you can take now will do the trick: *Protect your machines against compromise. If your machines don't get Trojans on them in the first place, they won't act as DDoS participants. *Don't run attachments/programs you get from unknown or untrusted sources. Be careful with programs that come from or claim to come from -- club penguin cheating sites, adult sites, and the like. If you're running Windows 2000 or Windows XP, never use the Administrator account, or any account with similar privileges, for routine tasks. Having a Trojan is bad; it's worse when that Trojan runs with administrative privileges. **If you Vista, no matter what, DO NOT disable UAC. That makes the admin account safer by requiring confirmation before performing admin actions. *Use antivirus software. The major antivirus vendors are all very good at quickly producing updates when a new Trojan is released in the wild. Diligent use of these tools will help keep your machines clean, particularly if you use them to scan new files before you execute them. I recommend Norton, Trend Micro Internet Security, and McAfee. Walruses The Walruses are a group of hackers. They mainly recruit from CPHQ (clubpenguinhq) to join in their spamming and vandalism, or raids, as they are commonly called by the group. Their main wiki target is CPW, although there have been a few attacks here as well. Regarding their hacking skills, they use DDOS attacks to take down websites, Google searches to dox, and Brute Force tactics to steal passwords, however, they use a wide majority of other tactics. How to Counter Walrus Attacks *Stop giving them a reason to attack. This means stop attempting to vandalize their wiki, stop making campaigns against them, and stop making xat channels against them. Stop trying to be a hero, you're not dealing with some simple game where you can kill other players; you're dealing with hackers that can and will hack you. They "raid" for a reason, and you guys are giving them plenty of reasons. They are human, just like you. *Use the DDOS protection as stated above, and use the Brute Force protection as well. *If a Walrus attacks here, the edits can be reverted. If a Walrus gains a Bureaucrat's account, report it to Uberfuzzy, since he knows the situation alot better than the rest of Wiki's staff. The more you panic, the more the Walruses will lololol and want to do it more. The Walruses can't "destroy" the wiki because if the wiki was apparently destroyed, the site would be removed from the internet. The only bad things they can do here is vandalize. **See also Project:RBIS. *Follow sites that hate the Walri, to see what they're up to. TS recomends Nachos of CP, as they don't swear that much. General Tips *If you have set your passwords as "Remember me" then delete it. Hackers can backtrack your information - they can backtrack that too. Delete your browser cookies, and clear your internet cache. The best way to remember your passwords is to write it down somewhere safe. *Be sure to keep your password nice and long so that there's a greater protection. Having a combination of lower case and upper case letters, along with numbers, is a good way to protect your account. Be creative when thinking of a password, but always make sure its easy to remember, and write it down. References *1. Microsoft Technet's Distributed Denial-of-Service Attacks and You *2. Gone Phishing! *3. Password Recovery Methods - Brute Force Attack Comments *Hopefully this has helped some people BugzyTalk 12:18, 25 May 2009 (UTC) Category:Policy